Duo Universal

Duo Universal

Duo Security
Download

The Duo Universal plugin protects against account takeover by augmenting WordPress logins with multi-factor authentication. Adding Duo is easy and can be done in just a few minutes!

By leveraging Duo’s Universal Prompt, authentications can now use passkeys, biometrics and hardware tokens in addition to phone-based authentication methods. This keeps accounts secure if an attacker learns a user’s login credentials and provides flexible authentication options.

Duo is easy to set up and use. With Duo there’s no extra hardware or complicated software to install, just sign up for Duo’s service and install the plugin. Then you can set which user roles you want to enable multi-factor authentication for admins, editors, authors, contributors, and/or subscribers without setting up user accounts, directory synchronization, servers, or hardware. Users can enroll in Duo authentication and add MFA devices to their accounts as they log into the site.

This plugin reaches out to Duo’s MFA cloud service for the configured user roles which provides an additional layer of authentication.
For more information about Duo’s privacy policy see https://duo.com/legal/cisco-online-privacy-statement
Duo’s terms of service can be found here https://duo.com/legal/terms
Terms of support using Duo’s cloud service are provided here https://duo.com/support

Support for Duo users without a subscription is provided on a best-effort basis via email.

How do I get started with Duo?
Before installing the plugin, you’ll need to sign up for a free account at https://duo.com/.

Is Duo’s two-factor service really free?
Yes, Duo is free up to 10 users and no credit card is required to get started! Paid plans for more than 10 users start at only $1/user/month.

A Good Login Plugin for WP

By ankushdas on May 7, 2024

I use Wordfence on my websites for essential security protection. Sure, the 2FA method is available for free, and is plenty good for most.

However, I have been fascinated with log-in prompts recently, and it saves so much time with the websites that support it. So, I thought, why not add it to my WordPress site? And, in my journey to explore, I found Duo Universal. It's entirely free for up to 10 users - meaning, 10 WordPress applications, (don't get confused when it asks to create a “Trial account”).

Unfortunately, the passkeys functionality is only applicable to the devices you created it in during the trial period. While you can use existing passkeys on the OS you created it in, you cannot create new ones after the trial period ends.

Wish the pricing plan was geared towards individuals, but the premium edition needs you to purchase a subscription for 10 users at once, at the very least :/

Moreover, you get to customize your branded logo + background for free.

I have tested the plugin on two of my websites (WordPress 6.5.2) with different combination of plugins that include: Wordfence, SEOPress, RankMath, Really Simple SSL, Akismet, Malcare, Updraft Backups, and LightSpeed Cache

p.s: I hope more people rate it, and the information for the plugin is updated to "Tested with latest WordPress version"

1.1.0

  • Refactored 2FA session management
    • Switching between multisites will no longer logout the current user.
    • Clearing WordPress caches will no longer logout all users.
    • There is no longer a 48 hour Duo session separate from the WordPress session.
  • Fix plugin file paths on clustered hosting environments.
  • Fixed debug logging to properly enable when using the WP_DEBUG constant.

1.0.0

  • Initial Release

Integrating Duo MFA with WordPress is a breeze.
See our instructions at duo.com

Reviews

4 out of 5 stars

  • Version: 1.1.0
  • Last updated: 3 months ago
  • Active installations: 1K
  • WordPress version: 6.0.0
  • Tested up to: 6.5.5
  • PHP version: 7.3.16